From 9a36ceb4227e3c65ac90af8e534e2a2daddc285e Mon Sep 17 00:00:00 2001 From: nachoparker Date: Fri, 25 Jan 2019 18:55:48 -0700 Subject: letsencrypt: use the latest github version --- bin/ncp/NETWORKING/letsencrypt.sh | 73 +++++++++++++++++++++++-------------- changelog.md | 6 ++- docker-armhf/nextcloudpi/Dockerfile | 27 ++++++++++++++ docker/nextcloudpi/Dockerfile | 27 ++++++++++++++ etc/ncp-config.d/freeDNS.cfg | 2 +- update.sh | 14 +++++++ 6 files changed, 119 insertions(+), 30 deletions(-) diff --git a/bin/ncp/NETWORKING/letsencrypt.sh b/bin/ncp/NETWORKING/letsencrypt.sh index 51f36c22..06b49b1d 100644 --- a/bin/ncp/NETWORKING/letsencrypt.sh +++ b/bin/ncp/NETWORKING/letsencrypt.sh @@ -8,10 +8,10 @@ # More at https://ownyourbits.com/2017/03/17/lets-encrypt-installer-for-apache/ -NCDIR=/var/www/nextcloud -OCC="$NCDIR/occ" -VHOSTCFG=/etc/apache2/sites-available/nextcloud.conf -VHOSTCFG2=/etc/apache2/sites-available/ncp.conf +ncdir=/var/www/nextcloud +vhostcfg=/etc/apache2/sites-available/nextcloud.conf +vhostcfg2=/etc/apache2/sites-available/ncp.conf +letsencrypt=/etc/letsencrypt/letsencrypt-auto is_active() { @@ -22,7 +22,13 @@ install() { cd /etc || return 1 apt-get update - apt-get install --no-install-recommends -y letsencrypt + apt-get install --no-install-recommends -y python3-minimal + wget -O- --content-disposition https://github.com/letsencrypt/letsencrypt/archive/master/latest.tar.gz \ + | tar -xz \ + || exit 1 + mv certbot-master letsencrypt + export VIRTUALENV_NO_DOWNLOAD=1 # temporal workaround for https://github.com/certbot/certbot/issues/6682 + $letsencrypt --help # do not actually run certbot, only install packages mkdir -p /etc/letsencrypt/live [[ "$DOCKERBUILD" == 1 ]] && { @@ -40,7 +46,7 @@ EOF return 0 } -# tested with certbot 0.10.2 +# tested with certbot 0.30.0 configure() { local DOMAIN_LOWERCASE="${DOMAIN,,}" 
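Review bot: In the install() hunk the certbot sources are fetched from the moving `master` branch and piped straight into `tar` with no tag pin and no checksum or signature check, and `$letsencrypt --help` then executes that code (presumably as root, since the same function calls apt-get). Every fresh install, and the update.sh migration that calls `install_app letsencrypt`, therefore runs whatever is on master at that moment, which also makes the `# tested with certbot 0.30.0` comment unenforceable. Without `pipefail` the `|| exit 1` only sees tar's status, and `exit` is inconsistent with the `return 1` used on the `cd /etc` line. I would pin a release tag, verify a recorded SHA-256 before extracting, and return on failure, as sketched below; the tag and hash are placeholders to be filled in from a verified release. install() starts and ends outside this hunk.

```shell
# … unchanged: apt-get update / apt-get install python3-minimal …
local certbot_tag="<RELEASE_TAG>"                  # placeholder: the release this script was tested with
local certbot_sha256="<SHA256_OF_RELEASE_TARBALL>" # placeholder: hash recorded from a verified download
local tarball
tarball="$(mktemp)" || return 1
wget -O "$tarball" "https://github.com/letsencrypt/letsencrypt/archive/${certbot_tag}.tar.gz" \
  || { rm -f "$tarball"; return 1; }
echo "${certbot_sha256}  ${tarball}" | sha256sum -c - \
  || { rm -f "$tarball"; return 1; }
mkdir -p letsencrypt
tar -xzf "$tarball" -C letsencrypt --strip-components=1 \
  || { rm -f "$tarball"; return 1; }
rm -f "$tarball"
# … unchanged: VIRTUALENV_NO_DOWNLOAD workaround, $letsencrypt --help, mkdir -p /etc/letsencrypt/live …
```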
@@ -48,58 +54,71 @@ configure() [[ "$DOMAIN" == "" ]] && { echo "empty domain"; return 1; } # Configure Apache - grep -q ServerName $VHOSTCFG && \ - sed -i "s|ServerName .*|ServerName $DOMAIN|" $VHOSTCFG || \ - sed -i "/DocumentRoot/aServerName $DOMAIN" $VHOSTCFG + grep -q ServerName $vhostcfg && \ + sed -i "s|ServerName .*|ServerName $DOMAIN|" $vhostcfg || \ + sed -i "/DocumentRoot/aServerName $DOMAIN" $vhostcfg # Do it - letsencrypt certonly -n --no-self-upgrade --webroot -w $NCDIR --hsts --agree-tos -m $EMAIL -d $DOMAIN && { + $letsencrypt certonly -n --no-self-upgrade --webroot -w $ncdir --hsts --agree-tos -m $EMAIL -d $DOMAIN && { # Set up auto-renewal cat > /etc/cron.weekly/letsencrypt-ncp </dev/null & - rm -rf $NCDIR/.well-known + rm -rf $ncdir/.well-known # Update configuration [[ "$DOCKERBUILD" == 1 ]] && update-rc.d letsencrypt enable return 0 } - rm -rf $NCDIR/.well-known + rm -rf $ncdir/.well-known return 1 } +cleanup() +{ + apt-get purge -y \ + augeas-lenses \ + libpython-dev \ + libpython2.7-dev \ + libssl-dev \ + python-dev \ + python2.7-dev \ + python-pip-whl +} + + # License # # This script is free software; you can redistribute it and/or modify it diff --git a/changelog.md b/changelog.md index 8f7644d8..753fac21 100644 --- a/changelog.md +++ b/changelog.md 
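Review bot: `$DOMAIN` and `$EMAIL` reach the `sed -i` expressions and the `$letsencrypt certonly` command line with only an empty-string check on DOMAIN, and both are expanded unquoted. They look like user-supplied settings (inferred; their source is outside the hunk), so a value containing whitespace or sed metacharacters would be split into extra certbot arguments or change what gets written into the Apache vhost file. I would reject anything that is not a plain hostname right after the empty check, e.g. `[[ "$DOMAIN" =~ ^[A-Za-z0-9][A-Za-z0-9.-]*$ ]] || { echo "invalid domain"; return 1; }`, and quote the expansions: `-m "$EMAIL" -d "$DOMAIN"`. configure() begins above this hunk.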
@@ -1,7 +1,9 @@ -[v1.4.8](https://github.com/nextcloud/nextcloudpi/commit/ea9a1ea) (2019-01-26) ncp-update-nc: fix unnecessary quotes +[v1.4.9](https://github.com/nextcloud/nextcloudpi/commit/c0f4b78) (2019-01-25) letsencrypt: use the latest github version -[v1.4.7](https://github.com/nextcloud/nextcloudpi/commit/ffc1fa5) (2019-01-25) ncp-config: fix local variables +[v1.4.8](https://github.com/nextcloud/nextcloudpi/commit/338da33) (2019-01-26) ncp-update-nc: fix unnecessary quotes + +[v1.4.7 ](https://github.com/nextcloud/nextcloudpi/commit/ffc1fa5) (2019-01-25) ncp-config: fix local variables [v1.4.6 ](https://github.com/nextcloud/nextcloudpi/commit/b338ede) (2019-01-24) ncp-config: fix missing variable diff --git a/docker-armhf/nextcloudpi/Dockerfile b/docker-armhf/nextcloudpi/Dockerfile index f2da9f88..e817b859 100644 --- a/docker-armhf/nextcloudpi/Dockerfile +++ b/docker-armhf/nextcloudpi/Dockerfile @@ -46,6 +46,33 @@ rm /.ncp-image; \ source /usr/local/etc/library.sh; \ find /usr/local/bin/ncp -name '*.sh' | while read l; do cleanup_script $l; done; \ +# letsencrypt build artifacts cleanup +apt-get purge -y \ + make \ + binutils \ + cpp \ + cpp-6 \ + gcc \ + gcc-6 \ + libasan3 \ + libaugeas0 \ + libc-dev-bin \ + libc6-dev \ + libcc1-0 \ + libexpat1-dev \ + libffi-dev \ + libgcc-6-dev \ + libgomp1 \ + libisl15 \ + libmpc3 \ + libubsan0 \ + linux-libc-dev \ + python-virtualenv \ + python-pkg-resources \ + python3-pkg-resources \ + python3-virtualenv \ + virtualenv; \ + # should be cleaned up in no-ip.sh, but breaks udiskie. # safe to do it here since no automount in docker apt-get purge -y make gcc libc-dev; \ diff --git a/docker/nextcloudpi/Dockerfile b/docker/nextcloudpi/Dockerfile index 2cfdc4e1..4d280546 100644 --- a/docker/nextcloudpi/Dockerfile +++ b/docker/nextcloudpi/Dockerfile 
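Review bot: The new purge list in docker-armhf/nextcloudpi/Dockerfile hard-codes release-specific package names (`cpp-6`, `gcc-6`, `libgcc-6-dev`, `libasan3`, `libisl15`, `libubsan0`), and the command is chained with `;`, so its exit status is not checked on the visible lines. apt-get aborts the whole transaction when any listed name is unknown to the package index, so after a base-image bump the compiler toolchain could silently remain in the published image. I would make the step fail loudly, e.g. follow it with `! command -v gcc >/dev/null || exit 1; \`. The identical block added to docker/nextcloudpi/Dockerfile has the same issue, and both now overlap with the older `apt-get purge -y make gcc libc-dev` line that follows. The RUN instruction starts and ends outside the hunk.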
@@ -46,6 +46,33 @@ rm /.ncp-image; \ source /usr/local/etc/library.sh; \ find /usr/local/bin/ncp -name '*.sh' | while read l; do cleanup_script $l; done; \ +# letsencrypt build artifacts cleanup +apt-get purge -y \ + make \ + binutils \ + cpp \ + cpp-6 \ + gcc \ + gcc-6 \ + libasan3 \ + libaugeas0 \ + libc-dev-bin \ + libc6-dev \ + libcc1-0 \ + libexpat1-dev \ + libffi-dev \ + libgcc-6-dev \ + libgomp1 \ + libisl15 \ + libmpc3 \ + libubsan0 \ + linux-libc-dev \ + python-virtualenv \ + python-pkg-resources \ + python3-pkg-resources \ + python3-virtualenv \ + virtualenv; \ + # should be cleaned up in no-ip.sh, but breaks udiskie. # safe to do it here since no automount in docker apt-get purge -y make gcc libc-dev; \ diff --git a/etc/ncp-config.d/freeDNS.cfg b/etc/ncp-config.d/freeDNS.cfg index 8c4977b3..40a9c8cd 100644 --- a/etc/ncp-config.d/freeDNS.cfg +++ b/etc/ncp-config.d/freeDNS.cfg @@ -2,7 +2,7 @@ "id": "freeDNS", "name": "Dynamic DNS from freeDNS", "title": "freeDNS", - "description": "DynamicDNS service from FreeDNS client (need account from https://freedns.afraid.org/)", + "description": "FreeDNS DynamicDNS service (need account from https://freedns.afraid.org/)", "info": "", "infotitle": "", "params": [ diff --git a/update.sh b/update.sh index 279fd487..978f728d 100755 --- a/update.sh +++ b/update.sh 
@@ -276,6 +276,20 @@ EOF [[ "$( ls -1 /etc/cron.daily/ | wc -l )" -gt 0 ]] && chmod 755 /etc/cron.daily/* [[ "$( ls -1 /etc/cron.hourly/ | wc -l )" -gt 0 ]] && chmod 755 /etc/cron.hourly/* + # change letsencrypt from package based to git based + [[ -f /etc/letsencrypt/certbot-auto ]] || { + echo "updating letsencrypt..." + [[ -f /.docker-image ]] && mv "$(readlink /etc/letsencrypt)" /etc/letsencrypt-old + [[ -f /.docker-image ]] || mv /etc/letsencrypt /etc/letsencrypt-old + rm -f /etc/letsencrypt + apt-get remove -y letsencrypt + apt-get autoremove -y + install_app letsencrypt + cp -raT /etc/letsencrypt-old/live /etc/letsencrypt/live + [[ -f /.docker-image ]] && persistent_cfg /etc/letsencrypt + [[ -f /etc/cron.weekly/letsencrypt-ncp ]] && run_app letsencrypt + } + # remove redundant opcache configuration. Leave until update bug is fixed -> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815968 # Bug #416 reappeared after we moved to php7.2 and debian buster packages. (keep last) [[ "$( ls -l /etc/php/7.2/fpm/conf.d/*-opcache.ini | wc -l )" -gt 1 ]] && rm "$( ls /etc/php/7.2/fpm/conf.d/*-opcache.ini | tail -1 )" -- cgit v1.2.3
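Review bot: The migration copies only `/etc/letsencrypt-old/live` into the new tree, but in certbot's standard layout the files under `live/` are relative symlinks into `archive/`, and `cp -a` keeps them as symlinks, so they would likely dangle until a new certificate is issued; `renewal/` and `accounts/` are left behind as well. None of the `mv`, `rm` or `install_app` steps is checked, so a failure part-way (for example a leftover `/etc/letsencrypt-old` from an earlier run) can leave the web server pointing at missing certificate files, and the old private keys stay in `/etc/letsencrypt-old` with no later cleanup. I would carry the whole state over, e.g. `for d in live archive renewal accounts; do [[ -d /etc/letsencrypt-old/$d ]] && cp -raT "/etc/letsencrypt-old/$d" "/etc/letsencrypt/$d"; done`, and skip the rest of the block when `install_app letsencrypt` fails. The enclosing code continues outside the hunk.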